© MikroTik 2007
MikroTik RouterOS Training
Basic Class
Johannesburg, South Africa
28 Sep – 1 Oct
Schedule
09:00 – 10:30 Morning Session I
10:30 – 11:00 Morning Break
11:00 – 12:30 Morning Session II
12:30 – 13:30 Lunch Break
13:30 – 15:00 Afternoon Session I
15:00 – 15:30 Afternoon Break
15:30 – 17:00 Afternoon Session II
(Day 3) 15:30 – 16:30 Certification Test
~18:00 – Certification Results
Instructor
Chris Sutherland, Miro Distribution
Working as Support and Training Engineer at Miro Distribution, and fully MikroTik qualified.
Course Objective
Provide holistic perspective about RouterOS software and RouterBoard capabilities
Ensure necessary knowledge and hands-on training for basic network management - MikroTik router integration, configuration, maintenance and basic troubleshooting
Upon completion of the course you will be familiar with most of the RouterOS features and be able to implement most common network configurations
About MikroTik
Mission Statement
MikroTik is a router software and hardware manufacturer that offers user friendly, carrier-class routing and network management solutions. Their products are used by ISPs, individual users and companies for building data network infrastructures.
MikroTik's goal is to make existing Internet technologies faster, more powerful and more affordable to a wider range of users
MikroTik's History
Active in WISP solutions since 1995
Incorporated in 1996
Since 1997 Development of own Software for Intel (PC) based routing solutions
Since 2002 Development of own Hardware
2008: 75 employees
Where is MikroTik?
We are on the World Wide Web at www.mikrotik.com
Located in Riga, Latvia, Eastern Europe, EU
Introduce Yourself
Please introduce yourself to the class
Your name
Your Company
Your previous knowledge about RouterOS
Your previous knowledge about networking
What do you expect from this course?
Remember your number XY in the class
My number is:_________
MikroTik RouterOS - Basics
Installation. Licensing. Upgrading.
Basic configurations in GUI and CLI
What is RouterOS?
RouterOS is an operating system that turns a regular PC into a multi-functional network device
RouterOS can turn your PC into:
a dedicated router
a bandwidth shaper
a (transparent) packet filter
any 802.11a,b/g wireless device
almost anything that concerns networking needs
Obtaining the RouterOS
Obtaining the RouterOS (part 2)
Netinstall
Netinstall is a MS Windows application able to install RouterOS
1) over the LAN
2) to the additional storage media mounted on the PC
Netinstall application:
installation on an empty media
Re-installation in case of forgotten passwords
Re-installation in case of corrupted installations
Re-installation as an upgrade or downgrade (lack of the storage space to upload new packages via FTP)
Installation Setup Diagram
Enabling the Netinstall
Installation Clients
To turn the prospective router hardware into an installation client, it should be booted up using
Etherboot on RouterBoard hardware
PXE booting option of some network cards
A special bootable floppy disk
Once booted up, it becomes an installation client and can be installed using the Netinstall
Bootable Floppy Creation
EtherBoot Capability
RouterBoards have full EtherBoot capability built into BIOS
BIOS is only accessible through the serial console
Netinstall Server Status
Installing the Router
Accessing the Router
GUI – graphical user interface
Winbox GUI (enabled interface required)
CLI – command line interface
Monitor and keyboard (video adapter required)
Serial terminal (COM port)
MAC Telnet (enabled interface required)
Telnet (IP address required)
SSH (IP address required)
Other
http server (IP address required)
ftp server (IP address required)
Router Homepage
http://demo2.mt.lv
Webbox – simple system configuration tool with Web based interface
Winbox tool – system configuration tool with GUI
Telnet – system configuration tool with CLI
Winbox Loader
Winbox is able to connect via IP or MAC addresses
Winbox also is a “Neighbour viewer”
Use the latest winbox loader version!
License Required
Licensing
Software License (Software Key) is for each individual installation (Storage Media)
License never expires
License can be obtained for current major release of RouterOS
You can downgrade to any older version
You need to purchase a new key for a higher version of RouterOS than permitted by the license
Account Server
Key Management
Key Order
You can obtain a software key
from resellers
from the account server
within Netinstall
from Winbox
You can enter the key into the router through the CLI or the GUI
OSI Standard
Open System Interconnection (OSI) standard was originally used when creating network protocols (TCP/IP, IPX, etc)
The OSI standard uses a 7-layer network model to describe network addressing, data analysis, and network hardware capabilities
Benefits of using a layered model are:
Each layer of the OSI model is responsible for specific tasks
Various technologies can inter-operate in a standardized way
OSI 7-Layer Model
7) Application layer
6) Presentation layer
5) Session layer
4) Transport layer
3) Network layer
2) Data link layer
1) Physical layer
OSI Media Layers
MAC Addresses
MAC Addresses (Media Access Control) are unique addresses assigned to NICs
First part of the MAC address is assigned to the manufacturer of the hardware;
The rest of the address is determined by the manufacturer;
Devices that are not manageable (e.g., HUBs and some switches) do not have MAC addresses
Example: 00:0C:42:04:9F:AE
MAC Addresses (part 2)
MAC addresses are used for addressing in the Data Link Layer (Layer 2) of the OSI network model (This means all communications in one LAN segment use MAC addresses)
Analogy: MAC address is like a person’s social security number
IP Addresses
IP addresses are used for logical addressing in the Network Layer (Layer 3) of the OSI network model.
IP addresses
are 32 bits long (used to be globally unique)
are referenced by humans via dotted decimal notation, one number per 8 bits (1 octet or byte), e.g., 159.148.147.1
Analogy: IP address is like a person’s mailing address.
IP Netmask
IP netmask (with the IP address) defines which IP addresses are reachable directly
There are 3 types of netmask notation
Byte notation
Binary notation
Bit notation
Examples:
(byte) 255.255.224.0 = (binary) 11111111.11111111.11100000.00000000 = (bit) /19
(byte) 255.255.255.0 = (binary) 11111111.11111111.11111111.00000000 = (bit) /24
(byte) 255.255.255.248 = (binary) 11111111.11111111.11111111.11111000 = (bit) /29
IP Networks: Example
IP address/netmask: 192.168.3.14/24
IP value (binary): 11000000.10101000.00000011.00001110
Netmask (binary): 11111111.11111111.11111111.00000000
Network (binary): 11000000.10101000.00000011.00000000
Network address: 192.168.3.0/24
Last = Broadcast address: 192.168.3.255
Usable IP address: 192.168.3.1 - 192.168.3.254
Subnetting Examples
Network address/mask 192.168.1.0/24
host addresses 192.168.1.1-254
broadcast address 192.168.1.255
Sub-Network address/mask 192.168.1.0/25
host addresses 192.168.1.1-126
broadcast address 192.168.1.127
Sub-Network address/mask 192.168.1.128/25
host addresses 192.168.1.129-254
broadcast address 192.168.1.255
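The netmask arithmetic from the three slides above, as an added example that is not part of the original course material: it converts between the byte, binary and bit notations and derives network, broadcast and usable range with the same AND/OR steps as the 192.168.3.14/24 walk-through. It goes slightly beyond the slides by rejecting non-contiguous masks and by handling /31 and /32; all function names are illustrative.

```python
"""Netmask arithmetic from the slides, done with plain bit operations.
Added example; function names are illustrative, not from the course material."""

FULL = 0xFFFFFFFF  # 32 one-bits


def ip_to_int(dotted):
    """'192.168.3.14' -> 32-bit integer; rejects malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value):
    """32-bit integer -> byte (dotted decimal) notation."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def int_to_binary(value):
    """32-bit integer -> binary notation, one group of 8 bits per octet."""
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """Bit notation (/19) -> mask integer with `prefix` leading 1-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (FULL << (32 - prefix)) & FULL


def mask_to_prefix(dotted_mask):
    """Byte notation -> bit notation; a valid mask is 1-bits followed by 0-bits."""
    mask = ip_to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if mask != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous netmask: {dotted_mask}")
    return prefix


def describe(cidr):
    """Derive network, broadcast and usable range for 'address/prefix'."""
    address, sep, bits = cidr.partition("/")
    if not sep or not bits.isdigit():
        raise ValueError(f"expected address/prefix: {cidr!r}")
    prefix = int(bits)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(address) & mask      # keep only the network bits
    broadcast = network | (~mask & FULL)     # set every host bit to 1
    if prefix >= 31:
        # /32 is a single host and /31 a point-to-point pair (RFC 3021):
        # no addresses are set aside for network and broadcast.
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "netmask": int_to_ip(mask),
        "netmask_binary": int_to_binary(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable": last - first + 1,
    }


if __name__ == "__main__":
    # The worked examples from the slides.
    for example in ("192.168.3.14/24", "192.168.1.0/25", "192.168.1.128/25"):
        print(example, describe(example))
```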
Address Quiz
Given IP address/netmask: 192.168.23.37/28
Calculate:
Network address _______________________
Broadcast address _______________________
Number of usable IP addresses ________
Advanced Address Quiz
Given IP address/netmask: 172.16.123.109/19
Calculate:
Network address _______________________
Number of usable IP addresses ________
Broadcast address_______________________
Assigning an IP Address
IP Address Lab
Add the IP address 192.168.XY.254/24 to the router's ether1 interface
Add the IP address 192.168.XY.1/24 to your laptop's Ethernet interface
Check the network using the “ping” command
From laptop: Start -> Run -> ping 192.168.XY.254 -t
Basic Wireless Configuration
Mode – operating mode
Station – a client
Ap-bridge – Access Point
Bridge – AP for 1 client
SSID – used to separate wireless networks
Band – client and AP must operate in the same band
Frequency – operating frequency of the AP
Wireless Setup Lab
Enable your wireless interface on the router
Set “band” to 5GHz (press “Apply”)
Scan your area for wireless networks in this band (use “Scan” button)
Connect to the network with SSID: “ap_rb532”
Add the IP address 10.1.1.XY/24 to the router's wlan1 interface
Check the network using the ping command
From router: Tool -> Ping -> 10.1.1.254
Neighbour Viewer
Command Line Interface (CLI)
For the first time log on as ‘admin’, no password.
Once logged in, press [?] to see all the commands at the current menu level
[admin@MikroTik] > [?]
Press [Tab] twice and you will see a short list of the available commands
[admin@MikroTik] > ip [Tab][Tab]
You can use these commands in any level
[admin@MikroTik] > ip address [?]
[admin@MikroTik] > ip address print [Enter]
Using CLI : Console Completion
Commands and arguments don't have to be completely typed, hit [Tab] to complete the typing:
[admin@MikroTik] > ip add[Tab]
[admin@MikroTik] > ip address
If single [Tab] doesn’t work, hit it twice to see available options
[admin@MikroTik] > i[Tab][Tab]
import interface ip
[admin@MikroTik] > in[Tab]
[admin@MikroTik] > interface
Using CLI : Navigation
You can go step-by-step down into menus:
[admin@MikroTik] > ip [Enter]
[admin@MikroTik] ip > address [Enter]
[admin@MikroTik] ip address> print [Enter]
Use “..” to go one level up in the menu tree
[admin@MikroTik] ip address> .. [Enter]
[admin@MikroTik] ip > .. [Enter]
[admin@MikroTik] >
Use [/] to go up to the root level
[admin@MikroTik] ip address> /
[admin@MikroTik] >
‘Print’ and ‘Monitor’
‘print’ is one of the most often used commands in the CLI. It prints a list of items, and can be issued with a number of arguments, e.g.,
print status,
print interval=2s,
print without-paging, etc.
Use ‘print ?’ to see the available arguments
‘monitor’ continuously shows status of items
‘/in et monitor ether2’
'Add', 'Set' and 'Remove'
Use the 'add' command to create additional items; you can specify a set of options for this new item in a particular menu.
You can change some options for already existing items by using the 'set' command
Or you can delete items by using the 'remove' command
'Undo' and 'Redo'
To revert to a previous configuration state, use the '/undo' command
[admin@MikroTik] > /undo
To repeat the last undone action, enter the '/redo' command
[admin@MikroTik] > /redo
IP Routes
The route indicates a path to a specific network over a specific gateway or interface
If you have added an IP address to an active router's interface, there will be a dynamic (D) active (A) route in the “/ip route” menu
You need to “tell” the router where to send IP packets for hosts that do not belong to any of the directly connected networks
Default Route
If there is a “smart” host on the network which knows how to send packets to other networks, you can use it as the default gateway for your router and add a static default route with
destination 0.0.0.0/0 (any address)
the IP address of the “smart” host as the gateway
Winbox: IP Routes
Network Management Tools
Ping is a utility to determine whether a specific IP address is “accessible”
Traceroute is a utility to trace a packet by showing the hops it makes to reach its destination. If the next hop is unreachable, the problem might be in routing
Routing Lab
Create a Masquerade Rule in Firewall (watch instructor!!!)
Create a route between your local and your neighbour's network
Check the network using the ping command
Your Laptop -> Ping -> Neighbour's Laptop
Create default (to every other network) route to gateway 10.1.1.254
Your Laptop -> Ping -> Any IP in internet
Tip: route must be added for both directions
Package Management
You can enable and disable software packages to achieve necessary set of RouterOS functions
You can install and uninstall software packages to free up disk space
To have all latest functionality, upgrade your router to the latest version of RouterOS
You can also downgrade your software version.
Drag'n'Drop
Winbox: Package Management
OR
Package Management Lab
Download latest RouterOS installation from ftp://[email protected]
Upgrade your router to the latest version
Reboot the router
Some Tips
Use the 'system identity' menu to specify router's name and avoid confusion when working with several routers at the same time
Use the 'ip service' menu to allow only necessary services from specific IPs
Use the 'ip dhcp-client' menu to enable automatic network configuration if the DHCP service is available on the network
Take a look at the 'ip arp' menu to see MAC–IP relations
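One way to check the services tip against a router's actual state, as an added example that is not part of the original slides: the script reads a service listing and flags enabled cleartext services (the Telnet, http and ftp access methods listed earlier) and services reachable from any address. The sample listing is constructed, its column layout is an assumption modelled on a service print-out, and the management network and finding labels are illustrative.

```python
import ipaddress
import re

# Constructed sample, not captured from a real router. Assumed layout:
# index, optional flags (X = disabled), name, port, optional allowed addresses.
SAMPLE = """\
Flags: X - disabled, I - invalid
 #   NAME     PORT  ADDRESS
 0   telnet     23
 1   ftp        21  0.0.0.0/0
 2   www        80  192.168.7.0/24
 3   ssh        22  192.168.7.0/24
 4 X www-ssl   443
 5   winbox   8291
"""

# Services from the "Accessing the Router" slide that carry logins unencrypted.
CLEARTEXT = {"telnet", "ftp", "www"}

ROW = re.compile(
    r"^\s*\d+\s+(?:(?P<flags>[XI]+)\s+)?(?P<name>[a-z][a-z0-9-]*)\s+"
    r"(?P<port>\d+)(?P<rest>.*)$"
)


def parse_services(text):
    """Turn the listing into dicts; header and legend lines are skipped."""
    services = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        allowed = []
        tokens = m["rest"].split()
        if tokens:
            try:
                allowed = [ipaddress.ip_network(a, strict=False)
                           for a in tokens[0].split(",")]
            except ValueError:
                allowed = []  # the token belonged to some other column
        services.append({
            "name": m["name"],
            "port": int(m["port"]),
            "enabled": "X" not in (m["flags"] or ""),
            "allowed": allowed,
        })
    return services


def is_unrestricted(allowed):
    """No address list, or a /0 entry, means any source may connect."""
    return not allowed or any(net.prefixlen == 0 for net in allowed)


def audit(services, mgmt_net):
    """Return (service, finding) pairs for every enabled service at risk."""
    mgmt = ipaddress.ip_network(mgmt_net)
    findings = []
    for svc in services:
        if not svc["enabled"]:
            continue
        if svc["name"] in CLEARTEXT:
            findings.append((svc["name"], "cleartext-enabled"))
        if is_unrestricted(svc["allowed"]):
            findings.append((svc["name"], "reachable-from-any-address"))
        elif not all(net.version == mgmt.version and net.subnet_of(mgmt)
                     for net in svc["allowed"]):
            findings.append((svc["name"], "allowed-outside-management-net"))
    return findings


if __name__ == "__main__":
    # 192.168.7.0/24 stands in for the lab LAN 192.168.XY.0/24 (XY constructed).
    for name, finding in audit(parse_services(SAMPLE), "192.168.7.0/24"):
        print(f"{name}: {finding}")
```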
![Page 61: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/61.jpg)
DHCP Client
![Page 62: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/62.jpg)
Masquerade
- Masquerade is a specific application of Network Address Translation (NAT). It is most commonly used to hide multiple hosts behind the router's public IP addresses
- This type of NAT is performed on packets that are originated from the private network
- Masquerade replaces the private source address of an IP packet with a router's public IP address as it travels through the router
![Page 63: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/63.jpg)
Winbox: NAT Rule
![Page 64: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/64.jpg)
Masquerade Rule
![Page 65: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/65.jpg)
DNS Client and Cache
- DNS cache minimizes DNS requests to an external DNS server as well as DNS resolution time
- MikroTik router can act as a DNS server for any DNS-compliant clients
- DNS client is used to provide domain name resolution for the router itself
- The DNS configuration can be exported to the DHCP and Hotspot connected users
![Page 66: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/66.jpg)
DNS Client and Cache
![Page 67: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/67.jpg)
DNS Client Lab
- Set 10.1.1.254 as the primary DNS server for the router and enable remote requests
- Tick “allow remote requests”
- Set your router as the primary DNS server for your laptop
- Enjoy the Internet
![Page 68: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/68.jpg)
Users
- You must make your own user with a secure password and get rid of the default user 'admin' (but not in this class)
- You can create and assign a specific profile for a specific user
- You can allow specific users to log in only from allowed IP addresses
- You can view active users
![Page 69: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/69.jpg)
Winbox: Users
![Page 70: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/70.jpg)
Winbox: User Groups
![Page 71: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/71.jpg)
Clock Settings
- To get correct logging or graphing data you must set the correct time on the router
- Boards without a BIOS battery will lose time settings in case of power failure; to avoid that you must use the NTP client
- NTP stands for Network Time Protocol, a network service that allows you to synchronize time with a remote server
- NTP server example: ntp.is.co.za
![Page 72: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/72.jpg)
Winbox: Clock Settings
![Page 73: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/73.jpg)
Import and Export
- You can export all the configuration from a specific menu to an editable script file:
  [admin@MikroTik] > /export file=all
  [admin@MikroTik] > /ip address export file=address
  (files will be stored on the router)
- You can import script files:
  [admin@MikroTik] > /import file=all
  [admin@MikroTik] > /import file=address
  (files must be on the router)
- Script file is a plain text file which contains CLI commands
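An added example (not from the course material): a small Python check that reads an exported script file, as described above, and flags the two settings the earlier slides touch on: services in the 'ip services' menu left reachable from any address, and DNS “allow remote requests”. It assumes a verbose export in which each service appears as a `set <name> key=value` line under an `/ip service` header; the sample export text and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample, modelled on a verbose RouterOS export: a "/menu path"
# header line followed by "set"/"add" commands, with "\" wrapping long lines.
SAMPLE_EXPORT = r'''# constructed sample export, not taken from a real router
/ip dns
set allow-remote-requests=yes servers=10.1.1.254
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=10.1.1.0/24 disabled=no port=22
set winbox address=10.1.1.0/24,192.168.0.0/16 \
    disabled=no port=8291
'''

VERBS = {"set", "add"}


def parse_export(text):
    """Return (menu, verb, positional_args, params) for each command in the script."""
    commands, menu, pending = [], "/", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # command continues on the next line
            pending = line[:-1].rstrip() + " "
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)         # also turns address="" into "address="
        if tokens[0].startswith("/"):
            # Menu header, optionally with the command on the same line.
            verb_at = next((i for i, t in enumerate(tokens) if t in VERBS), len(tokens))
            menu = "/" + " ".join(tokens[:verb_at])[1:].strip()
            tokens = tokens[verb_at:]
            if not tokens:
                continue
        verb, args = tokens[0], tokens[1:]
        params = dict(a.split("=", 1) for a in args if "=" in a)
        positional = [a for a in args if "=" not in a]
        commands.append((menu, verb, positional, params))
    return commands


def open_to_any(address):
    """True when a service 'address' value does not limit the source at all."""
    if not address:
        return True                        # empty list: every source is accepted
    nets = [ipaddress.ip_network(a, strict=False) for a in address.split(",")]
    return any(n.prefixlen == 0 for n in nets)


def audit(text):
    """Return (menu, item, message) findings in the order they appear in the file."""
    findings = []
    for menu, verb, positional, params in parse_export(text):
        if menu == "/ip service" and verb == "set" and positional:
            name = positional[0]
            if params.get("disabled") == "yes":
                continue
            try:
                unrestricted = open_to_any(params.get("address", ""))
            except ValueError:
                findings.append((menu, name, "address list could not be parsed"))
                continue
            if unrestricted:
                findings.append((menu, name, "enabled with no source address restriction"))
        elif menu == "/ip dns" and params.get("allow-remote-requests") == "yes":
            findings.append((menu, "allow-remote-requests",
                             "answers DNS for other hosts; limit port 53 to the LAN in the firewall"))
    return findings


if __name__ == "__main__":
    for menu, item, message in audit(SAMPLE_EXPORT):
        print(f"{menu}: {item}: {message}")
```

A compact (non-verbose) export omits settings left at their defaults, so a service that was never touched would not appear in the file and would not be flagged.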
![Page 74: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/74.jpg)
System Backup
- Note: You cannot export passwords
- You can backup all the configuration using the “backup” button in the winbox “files” menu
- You can restore backups using the “restore” button in the winbox “files” menu
![Page 75: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/75.jpg)
Bridge
- Ethernet-like networks can be connected together using OSI Layer 2 bridges
- The bridge feature allows interconnection of hosts connected to separate LANs as if they were attached to a single LAN segment
- Bridges extend the broadcast domain and increase the network traffic on the bridged LAN
- As bridges are transparent, they do not appear in the traceroute list, and it is impossible to detect whether you are using them or not
![Page 76: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/76.jpg)
Creating a Bridge
![Page 77: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/77.jpg)
Assigning Ports to the Bridge
![Page 78: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/78.jpg)
Basic Setup Lab
- Create your own user
- Set correct time; set up the NTP-client (use server time.nist.gov)
- Backup your configuration and make a copy to the laptop
- Create the bridge interface
- Assign ether2 and ether3 ports to the bridge
- Check the bridge with the Winbox Loader
![Page 79: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/79.jpg)
The Dude
Network management and monitoring application
![Page 80: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/80.jpg)
![Page 81: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/81.jpg)
Network Management
- Network structure auto discovery
- Customizable layout
- Map display variables and statistics
- Configurable tools for any device
- RouterOS configuration
- Ping/traceroute from other devices
- Winbox access from the map
- Centralized upgrade of router groups
![Page 82: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/82.jpg)
![Page 83: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/83.jpg)
Network Monitoring
- Service status
- Link traffic
- SNMP statistics and charts, for example:
  - CPU, memory and disk usage
  - IP addresses and routes
  - wireless registration table
- Event history reports
- Alerts (sound, popup, log, mail, execute)
![Page 84: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/84.jpg)
History Reports
- Outage history
- Service availability charts
- Custom SNMP statistics charts
![Page 85: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/85.jpg)
![Page 86: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/86.jpg)
MikroTik RouterOS - Wireless
Basic wireless concepts in point-to-point links, stand alone access points and wireless mesh systems
![Page 87: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/87.jpg)
Wireless Basic Configuration
- Mode – operating mode
  - Station – a client
  - Ap-bridge – Access Point
  - Bridge – AP for 1 client
- SSID – used to separate wireless network
- Band – mode where client and AP must operate
- Frequency – operating frequency of AP
![Page 88: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/88.jpg)
Wireless Scan Tool
![Page 89: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/89.jpg)
Wireless Scan Lab
- Restore configuration backup (slide 78)
- Set the wireless card's “Radio name” option to “XY_<name>” where “XY” is your number
- Check the network using the ping command while scanning
  - From router: Tool -> Ping -> 10.1.1.254
- Open wireless “Scan” tool and press “Start” and check the network again
- Close wireless “Scan” tool and check the network again
![Page 90: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/90.jpg)
Client Traffic Management
- default-AP-tx-rate - limits each client's receive data rate.
- default-client-tx-rate - limits each client's transmit data rate. (Works only for MikroTik RouterOS clients!!!)
![Page 91: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/91.jpg)
Interconnection Management
- default-forwarding – gives ability to enable the communication between the wireless clients
- default-authentication – enables the AP to register a client even if it is not in the access list. If this is set for a client, it allows the client to associate with an AP not listed in the client's connect list
![Page 92: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/92.jpg)
Access List
You can set individual settings for each client; these settings will override the default settings
![Page 93: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/93.jpg)
Connect List
You can allow or deny clients from connecting to specific APs by using the Connect list (also used for WDS links)
![Page 94: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/94.jpg)
Registration Table
![Page 95: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/95.jpg)
Choose Your AP Lab
- The instructor will create a second access point with the same SSID and frequency, but the radio name (NOT THE SSID) will be “Radio_main”
- Ensure that you are connected to the new AP
  - Use the Scan tool to find out the correct MAC address
  - Use the registration table to find out where you are connected
  - Use the Connect-list to ensure the right connectivity
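An added example (not part of the course slides): a simplified Python model of how the access list, connect list and default-authentication settings from the preceding slides decide which AP a client ends up registered to, using the two-AP situation from this lab. It matches on MAC address only; the class names, the “Radio_old” radio name, the SSID and the MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AccessRule:
    """One entry of an AP's access list (per-client override)."""
    mac: str
    authentication: bool          # may this client register?
    forwarding: bool = True       # may it talk to other wireless clients?


@dataclass
class ConnectRule:
    """One entry of a station's connect list."""
    mac: str                      # MAC address of the AP's wireless card
    connect: bool


@dataclass
class AccessPoint:
    radio_name: str
    mac: str
    ssid: str
    default_authentication: bool = True
    default_forwarding: bool = True
    access_list: list = field(default_factory=list)


@dataclass
class Station:
    mac: str
    ssid: str
    default_authentication: bool = True
    connect_list: list = field(default_factory=list)


def ap_policy(ap, client_mac):
    """Return (authentication, forwarding) the AP applies to this client."""
    for rule in ap.access_list:                  # first matching entry wins
        if rule.mac.lower() == client_mac.lower():
            return rule.authentication, rule.forwarding
    return ap.default_authentication, ap.default_forwarding


def station_accepts(sta, ap):
    """Would the station try to associate with this AP?"""
    if sta.ssid != ap.ssid:
        return False
    for rule in sta.connect_list:                # first matching entry wins
        if rule.mac.lower() == ap.mac.lower():
            return rule.connect
    return sta.default_authentication            # AP not in the connect list


def reachable_aps(sta, aps):
    """Radio names of the APs where both sides allow the registration."""
    return [ap.radio_name for ap in aps
            if station_accepts(sta, ap) and ap_policy(ap, sta.mac)[0]]


# Constructed lab scenario: both APs share the SSID; radio name and MAC differ.
OLD_AP = AccessPoint("Radio_old", "02:00:00:00:00:01", "class")
MAIN_AP = AccessPoint("Radio_main", "02:00:00:00:00:02", "class")
LAPTOP_MAC = "02:00:00:00:00:63"


def demo():
    """Compare a station using defaults with one pinned to Radio_main's MAC."""
    loose = Station(LAPTOP_MAC, "class")
    pinned = Station(LAPTOP_MAC, "class", default_authentication=False,
                     connect_list=[ConnectRule(MAIN_AP.mac, True)])
    aps = [OLD_AP, MAIN_AP]
    return reachable_aps(loose, aps), reachable_aps(pinned, aps)


if __name__ == "__main__":
    loose, pinned = demo()
    print("defaults only :", loose)
    print("connect list  :", pinned)
```

With defaults only, the station may register to either AP because the SSID is the same; the connect-list entry plus default-authentication disabled on the station leaves Radio_main as the only candidate.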
![Page 96: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/96.jpg)
Wireless Standards (Legacy)
IEEE 802.11b
- Band: 2.4ghz-b - 11Mbps; 2.4ghz-b/g - 11Mbps
- Frequency: 2412-2472MHz
IEEE 802.11g
- Band: 2.4ghz-b/g - 54Mbps; 2.4ghz-only-g - 54Mbps; 2.4ghz-g-turbo - 108Mbps
- Frequency: 2412-2472MHz
IEEE 802.11a
- Band: 5ghz - 54Mbps; 5ghz-turbo - 108Mbps
- Frequency: 5180-5320MHz, 5745-5805MHz
![Page 97: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/97.jpg)
Wireless Standards Frequencies
![Page 98: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/98.jpg)
Channels - 802.11b/g (2.4 GHz)
- (11) 22 MHz wide channels (US)
- 3 non-overlapping channels
- 3 Access Points can occupy same area without interfering
[Figure: channels 1 to 11 laid out across 2400-2483 MHz]
![Page 99: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/99.jpg)
Channels - 802.11a (5 GHz)
- (12) 20 MHz wide channels
- (5) 40MHz wide turbo channels
[Figure: 5 GHz channel map. Channels 36-64 at 5180-5320 MHz (band 5150-5350 MHz) and channels 149-161 at 5745-5805 MHz (band 5735-5850 MHz); turbo channels centred at 5210, 5250, 5290, 5760 and 5800 MHz]
![Page 100: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/100.jpg)
Supported Bands
- All 802.11a and 802.11b/g standard bands
- Variation of IEEE 802.11 with half of the band
  - 2Ghz-10MHz and 5Ghz-10MHz
  - max rate half of 54 Mbps (27Mbps)
- Variation of IEEE 802.11 with quarter of the band
  - 2Ghz-5MHz and 5Ghz-5MHz
  - max rate quarter of 54 Mbps (13.5Mbit)
![Page 101: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/101.jpg)
Supported Frequencies
- A Wireless card might support the following frequencies
  - For all 2.4GHz bands: 2312-2499MHz
  - For all 5GHz bands: 4920-6100MHz
- Your country regulations allow only particular frequency ranges
- Only custom frequency license will unlock all wireless card supported frequencies
![Page 102: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/102.jpg)
Snooper
![Page 103: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/103.jpg)
Rate Flapping
You can optimize link performance by avoiding rate jumps; in this case the link will work more stably at the 36Mbps rate
[Figure: link rate jumping between 54Mbps, 48Mbps and 36Mbps with a recalibration at each jump; time shares shown: 5%, 15% and 80%]
![Page 104: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/104.jpg)
Basic and Supported Rates
- Supported rates are client data rates
- Basic rates are link management data rates
- If the wireless card isn't able to send or receive data at basic rate – link goes down
![Page 105: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/105.jpg)
Air Rate
The actual throughput, roughly speaking, is only around one half of the data rate
Basic rate 6Mbps
Data rate 36Mbps
![Page 106: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/106.jpg)
Actual Throughput Lab
- Create your own network with your neighbour(s) – use unique SSID, and frequency in 5Ghz band (coordinate it with other groups)
- Disable all supported rates except 6Mbps and 9Mbps
- Use “Tools -> bandwidth test” (one at a time) to check actual throughput
  - Try it with small 64 bytes packets (protocol=udp)
  - Try it with big 1500 bytes packets (protocol=udp)
![Page 107: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/107.jpg)
Wireless Interface Mode Settings
- station – client; can not be bridged
- station pseudobridge – client; can be bridged
- alignment-only – mode for positioning antennas
- nstreme-dual-slave – card will be used in nstreme-dual interface
- wds-slave – works as ap-bridge mode but adapts to the WDS peer's frequency
- station-wds – client which can be bridged (AP should support WDS feature)
![Page 108: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/108.jpg)
Wireless Distribution System
- WDS (Wireless Distribution System) allows packets to pass from one wireless AP to another, just as if the APs were ports on a wired Ethernet switch.
- APs must use the same band and SSID and work on the same frequencies in order to connect to each other.
- WDS is used to make bridged networks across wireless links and to extend the network using wireless.
![Page 109: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/109.jpg)
Simple WDS Setup
![Page 110: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/110.jpg)
Wireless Distribution System
- WDS link can be created between wireless interfaces in several mode variations:
  - (ap_)bridge* – (ap_)bridge*
  - (ap_)bridge* – wds_slave
  - (ap_)bridge* – station_wds
- * - (ap_)bridge = ap_bridge OR bridge
- You must disable DFS setting when using WDS with more than one AP
![Page 111: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/111.jpg)
Wireless Distribution System
- Static WDS is created manually and requires you to specify the destination MAC address and master interface
- Dynamic WDS is created 'on the fly' and appears under the wds menu as a dynamic interface.
![Page 112: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/112.jpg)
Dynamic WDS and WDS Mesh
- WDS mesh can be created between two APs, both must have WDS (static or dynamic) feature enabled
- APs must have same SSID or the “WDS ignore SSID” feature enabled
- We must create a bridge to use dynamic wds feature
![Page 113: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/113.jpg)
WDS Mesh
![Page 114: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/114.jpg)
Bridge Creation
![Page 115: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/115.jpg)
(R)STP-Bridge
- (R)STP stands for (Rapid) Spanning Tree Protocol, a link management protocol that provides path redundancy while preventing undesirable loops in the network.
- RSTP and STP are almost identical, RSTP is STP-compatible
- Major difference is:
  - STP avoids temporary loops using a timer
  - RSTP avoids temporary loops by coordination between neighbours, thus it adapts to changes faster
![Page 116: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/116.jpg)
Dynamic WDS Lab
- Create a bridge interface
- Switch wireless card mode to “ap-bridge”
- Enable wireless card in dynamic WDS mode and specify the default-wds-bridge option
- Add 10.1.1.XY/24 IP to the bridge interface
- Check your network
  - From your router try to ping any other router
![Page 117: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/117.jpg)
Static WDS
- To use static WDS use “ap-bridge” mode
- Set WDS mode to “static” and WDS default bridge to “none”
- Create static WDS interfaces
![Page 118: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/118.jpg)
Static WDS Interface
![Page 119: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/119.jpg)
Static WDS Lab
- Adjust the setup from the previous lab, to use WDS static mode
  - Configure your wireless card accordingly
  - Create the static WDS interface
  - Add necessary ports to the bridge
![Page 120: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/120.jpg)
MikroTik Nstreme
Nstreme is MikroTik's proprietary (i.e., incompatible with other vendors) wireless protocol created to improve point-to-point and point-to-multipoint wireless links.
![Page 121: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/121.jpg)
Nstreme Protocol
- Benefits of Nstreme protocol:
  - Client polling
  - Very low protocol overhead per frame allowing super-high data rates
  - No protocol limits on link distance
  - No protocol speed degradation for long link distances
  - Dynamic protocol adjustment depending on traffic type and resource usage
![Page 122: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/122.jpg)
Nstreme Protocol: Frames
- framer-limit - maximal frame size
- framer-policy - the method used to combine frames.
  - none - do not combine packets
  - best-fit - put as many packets as possible in one frame (don't fragment last packet)
  - exact-size – same as best-fit, but with the last packet fragmentation
  - dynamic-size - choose the best frame size dynamically
![Page 123: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/123.jpg)
Nstreme Lab
- Restore configuration backup (slide 78)
- Create a separate wireless network with your neighbour
- Route your private networks together
- Enable Nstreme and check link productivity with different framer policies
![Page 124: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/124.jpg)
MikroTik Nstreme Dual
Nstreme dual wireless links work with a pair of wireless cards (Atheros chipset cards only) – one transmitting, one receiving
![Page 125: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/125.jpg)
© MikroTik 2007 125
Nstreme Dual InterfaceSet both wireless cards into “nstreme_dual_slave” modeCreate Nstreme dual interface (press “plus” button in wireless interface window)Use framer policy only if necessary

Winbox: Wireless Regulations

Wireless Regulations

To follow all the regulations in your wireless communication domain you must specify:
- Country where wireless system will operate
- Frequency mode to regulatory domain – you will be able to use only allowed channels with allowed transmit powers
- Antenna gain of antenna attached to this router
- DFS mode – periodically will check for less used frequency and change to it

MikroTik RouterOS - Firewall

Firewall filters, Network Intrusion Detection System (NIDS), Network Address Translation (NAT)

Firewall Filters Structure

- Firewall filter rules are organized in chains
- There are default and user-defined chains
- There are three default chains
  - input – processes packets sent to the router
  - output – processes packets sent by the router
  - forward – processes packets sent through the router
- Every user-defined chain should be subordinate to at least one of the default chains

Firewall Filters

- The firewall filter facility is a tool for packet filtering
- Firewall filters consist of a sequence of IF-THEN rules
  0) IF <condition(s)> THEN <action>
  1) IF <condition(s)> THEN <action>
  2) IF <condition(s)> THEN <action>
- If a packet doesn't meet all the conditions of the rule, it is sent on to the next rule.
- If a packet meets all the conditions of the rule, the specified action is performed on it.

Filter Rules – Winbox View

Firewall Filter Chains

- You can reroute traffic to user-defined chains using action jump (and reroute it back to the default chain using action return)
- Users can add any number of chains
- User-defined chains are used to optimize the firewall structure and make it more readable and manageable
- User-defined chains help to improve performance by reducing the average number of processed rules per packet

User-Defined Chains

Firewall Building Tactics

- Accept only needed, drop everything else
- Drop all unneeded, accept everything else

Connection Tracking

- The Connection Tracking (or Conntrack) system is the heart of the firewall; it gathers and manages information about all active connections.
- By disabling the conntrack system you will lose functionality of the NAT and most of the filter and mangle conditions.
- Each conntrack table entry represents bidirectional data exchange
- Conntrack takes a lot of CPU resources (disable it, if you don't use firewall)

Conntrack – Winbox View

Condition: Connection State

Connection state is a status assigned to each packet by the conntrack system:
- New – packet is opening a new connection
- Established – packet belongs to an already known connection
- Invalid – packet does not belong to any of the known connections
- Related – packet is also opening a new connection, but it is related in some way to an already known connection

Connection state ≠ TCP state

First Rule Example

Chain Input

Protection of the router – allowing only necessary services from reliable source addresses with agreeable load.

Chain Input Lab

- Create 3 rules to ensure that only connection-state new packets will proceed through the input filter
  - Drop all connection-state invalid packets
  - Accept all connection-state related packets
  - Accept all connection-state established packets
- Create 2 rules to ensure that only you can connect to the router (Please be careful)
  - Accept all packets from your laptop IP
  - Drop everything else

Firewall Maintenance

- Write comment for each firewall rule, to make your firewall more manageable
- Look at the rule counters, to determine rule activity
- Change rule position to get necessary order
- Use action “passthrough” to determine amount of traffic before applying any action
- Use action “log” to collect detailed information about traffic

Action “log”

RouterOS Services

Important Issue

- Firewall filters do not filter MAC level communications
- You should turn off MAC-telnet and MAC-Winbox features at least on the public interface
- You should disable the network discovery feature so that the router no longer reveals itself (“/ip neighbor discovery” menu)

MAC-telnet and MAC-winbox

Chain Forward

Protection of the customers from the viruses and protection of the Internet from the customers

Chain Forward Lab

- Create 3 rules to ensure that only connection-state new packets will proceed through the chain forward (same as in the Chain Input Lab)
- Create rules to close most popular ports of viruses
  - Drop TCP and UDP port range 137-139
  - Drop TCP and UDP port 445

Virus Port Filter

- At the moment there are a few hundred active trojans and less than 50 active worms
- You can download the complete “virus port blocker” chain (~330 drop rules with ~500 blocked virus ports) from demo2.mt.lv (username:demo password:blank)
- Some viruses and trojans use standard service ports and cannot be blocked.

Address List Options

- Instead of creating one filter rule for each IP network address, you can create only one rule for IP address list.
- Use “Src./Dst. Address List” options
- Create an address list in “/ip firewall address-list” menu
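
The Chain Input Lab and Chain Forward Lab, written as RouterOS console commands and using an address list for the permitted management hosts. This is an added example, not part of the original slides; the list name `mgmt`, the address 192.168.1.2 and the log prefix are placeholders, and parameter spelling can differ between RouterOS releases.

```routeros
# Added example, not from the slides.
# Placeholders: list name "mgmt", laptop address 192.168.1.2, log prefix.

/ip firewall address-list
add list=mgmt address=192.168.1.2 comment="admin laptop"

/ip firewall filter

# --- chain input: packets addressed to the router itself ---
# Rules are evaluated top to bottom; the first terminating match wins.
add chain=input connection-state=invalid action=drop \
    comment="input: drop invalid"
add chain=input connection-state=related action=accept \
    comment="input: accept related"
add chain=input connection-state=established action=accept \
    comment="input: accept established"

# Only connection-state=new packets get this far.
# The accept rule must exist before the final drop is added,
# otherwise new management sessions are locked out.
add chain=input src-address-list=mgmt action=accept \
    comment="input: new connections from management hosts"

# "log" is not terminating: the packet continues to the next rule.
add chain=input action=log log-prefix="input-drop" \
    comment="input: record what the next rule drops"
add chain=input action=drop \
    comment="input: drop everything else"

# --- chain forward: packets passing through the router ---
add chain=forward connection-state=invalid action=drop \
    comment="forward: drop invalid"
add chain=forward connection-state=related action=accept \
    comment="forward: accept related"
add chain=forward connection-state=established action=accept \
    comment="forward: accept established"

# Ports named in the Chain Forward Lab, for both TCP and UDP.
add chain=forward protocol=tcp dst-port=137-139 action=drop \
    comment="forward: drop tcp 137-139"
add chain=forward protocol=udp dst-port=137-139 action=drop \
    comment="forward: drop udp 137-139"
add chain=forward protocol=tcp dst-port=445 action=drop \
    comment="forward: drop tcp 445"
add chain=forward protocol=udp dst-port=445 action=drop \
    comment="forward: drop udp 445"

# Check rule order and per-rule packet counters afterwards.
/ip firewall filter print stats
```

Adding another management host later only needs a new `mgmt` address-list entry; the filter rules stay unchanged.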

User-defined Chains

Firewall structure, chain reusability

ICMP Protocol

- Internet Control Message Protocol (ICMP) is a basic network troubleshooting tool; it should be allowed to bypass the firewall
- Typical IP router uses only five types of ICMP messages (type:code)
  - For PING - messages 0:0 and 8:0
  - For TRACEROUTE – messages 11:0 and 3:3
  - For Path MTU discovery – message 3:4
- All other types of ICMP messages should be blocked

ICMP Message Rule Example

ICMP Chain Lab

- Make the new chain – ICMP
  - Accept 5 necessary ICMP messages
  - Drop all other ICMP packets
- Move all ICMP packets to ICMP chain
  - Create an action “jump” rule in the chain Input
  - Place it accordingly
  - Create an action “jump” rule in the chain Forward
  - Place it accordingly

ICMP Jump Rule

Network Intrusion Types

- Network intrusion is a serious security risk that could result not only in temporary denial, but also in total refusal of network service
- We can point out 4 major network intrusion types:
  - Ping flood
  - Port scan
  - DoS attack
  - DDoS attack

Ping Flood

- Ping flood usually consists of volumes of random ICMP messages
- With “limit” condition it is possible to bound the rule match rate to a given limit
- This condition is often used with action “log”

Port Scan

- Port Scan is sequential TCP (UDP) port probing
- PSD (Port scan detection) is possible only for TCP protocol
- Low ports
  - From 0 to 1023
- High ports
  - From 1024 to 65535

Intrusion Protection Lab

- Adjust all 5 accept rules in the chain ICMP to match rate 5 packets per second with 5 packet burst possibility
- Create PSD protection
  - Create a PSD drop rule in the chain Input
  - Place it accordingly
  - Create a PSD drop rule in the chain Forward
  - Place it accordingly
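
One way to write the ICMP Chain Lab together with the rate limit and PSD rules of the Intrusion Protection Lab at the RouterOS console, as an added example that is not part of the original slides. The `psd` values and the exact `limit` spelling are assumptions; check them against the RouterOS release in use.

```routeros
# Added example, not from the slides.
# Assumptions: psd thresholds below, and the "limit=5,5" spelling
# (current releases write the same limit as 5,5:packet).

/ip firewall filter

# --- user-defined chain ICMP: the five type:code pairs from the slides ---
# limit=5,5 lets the rule match 5 packets per second with a burst of 5.
# A packet over the rate does NOT match the accept rule; it falls through
# to the final drop of this chain, which is what bounds a ping flood.
add chain=ICMP protocol=icmp icmp-options=0:0 limit=5,5 action=accept \
    comment="ICMP: echo reply (ping)"
add chain=ICMP protocol=icmp icmp-options=8:0 limit=5,5 action=accept \
    comment="ICMP: echo request (ping)"
add chain=ICMP protocol=icmp icmp-options=11:0 limit=5,5 action=accept \
    comment="ICMP: time exceeded (traceroute)"
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
    comment="ICMP: port unreachable (traceroute)"
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
    comment="ICMP: fragmentation needed (path MTU discovery)"
add chain=ICMP protocol=icmp action=drop \
    comment="ICMP: drop all other or over-limit ICMP"

# --- send ICMP from both default chains into the shared chain ---
# "add" appends at the end. If input or forward already ends with a
# drop-everything rule, move these jump rules above it, or they never match.
add chain=input protocol=icmp action=jump jump-target=ICMP \
    comment="input: ICMP to chain ICMP"
add chain=forward protocol=icmp action=jump jump-target=ICMP \
    comment="forward: ICMP to chain ICMP"

# --- port scan detection (TCP only) ---
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
# Low ports are 0-1023, high ports 1024-65535.
add chain=input protocol=tcp psd=21,3s,3,1 action=drop \
    comment="input: drop detected port scans"
add chain=forward protocol=tcp psd=21,3s,3,1 action=drop \
    comment="forward: drop detected port scans"

# Watch the counters of the ICMP drop rule and the PSD rules.
/ip firewall filter print stats
```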

DoS Attacks

- Main target for DoS attacks is consumption of resources, such as CPU time or bandwidth, so the standard services will get Denial of Service (DoS)
- Usually the router is flooded with TCP/SYN (connection request) packets, causing the server to respond with a TCP/SYN-ACK packet and wait for a TCP/ACK packet.
- Mostly DoS attackers are virus infected customers

DoS Attack Protection

- All IPs with more than 100 connections to the router should be considered as DoS attackers
- With every dropped TCP connection we will allow attacker to create new connection
- We should implement DoS protection in 2 steps:
  - Detection - Creating a list of DoS attackers on the basis of connection-limit
  - Suppression – applying restrictions to the detected DoS attackers

DoS Attack Detection

DoS Attack Suppression

- To stop the attacker from creating new connections, we will use action “tarpit”
- We must place this rule before the detection rule or else the address-list entry will be rewritten all the time
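
The detection and suppression steps described above, in the rule order the slide requires, as an added example that is not part of the original slides. The list name `dos-attackers` and the one-day timeout are placeholders.

```routeros
# Added example, not from the slides.
# Placeholders: list name "dos-attackers", address-list-timeout=1d.

/ip firewall filter

# 1) Suppression comes first.
#    tarpit answers the SYN and then holds the connection open, so the
#    source does not simply open a fresh connection for each dropped one.
#    tarpit is terminating: a listed source never reaches rule 2, so its
#    address-list entry is not re-added and is allowed to expire.
add chain=input protocol=tcp src-address-list=dos-attackers action=tarpit \
    comment="DoS: tarpit sources already on the list"

# 2) Detection comes second.
#    connection-limit=100,32 counts connections per /32 source address and
#    matches once a single address has more than 100 connections.
add chain=input protocol=tcp connection-limit=100,32 \
    action=add-src-to-address-list address-list=dos-attackers \
    address-list-timeout=1d \
    comment="DoS: list sources with more than 100 connections"

# Review which sources were listed.
/ip firewall address-list print where list=dos-attackers
```

Review the list for legitimate sources, since many customers behind one NAT address can exceed the connection count without any attack taking place.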

DDoS attacks

- A Distributed Denial of Service attack is very similar to a DoS attack, only it comes from multiple compromised systems
- The only thing that could help is the “TCPSyn Cookie” option in the conntrack system

Network Address Translation (NAT)

Destination NAT, Source NAT, NAT traversal

NAT Types

- As there are two IP addresses and ports in an IP packet header, there are two types of NAT
  - The one, which rewrites source IP address and/or port is called source NAT (src-nat)
  - The other, which rewrites destination IP address and/or port is called destination NAT (dst-nat)
- Firewall NAT rules process only the first packet of each connection (connection state “new” packets)

Firewall NAT Structure

- Firewall NAT rules are organized in chains
- There are two default chains
  - dstnat – processes traffic sent to and through the router, before it divides into “input” and “forward” chain of firewall filter.
  - srcnat – processes traffic sent from and through the router, after it merges from “output” and “forward” chain of firewall filter.
- There are also user-defined chains

Firewall NAT

- The firewall NAT facility is a tool for rewriting packet's header information.
- Firewall NAT consists of a sequence of IF-THEN rules
  0) IF <condition(s)> THEN <action>
  1) IF <condition(s)> THEN <action>
  2) IF <condition(s)> THEN <action>
- If a packet doesn't meet all the conditions of the rule, it will be sent on to the next rule.
- If a packet meets all the conditions of the rule, the specified action will be performed on it.

NAT Rules - Winbox View

NAT Actions

- There are 6 specific actions in the NAT
  - dst-nat
  - redirect
  - src-nat
  - masquerade
  - netmap
  - same
- There are 7 more actions in the NAT, but they are exactly the same as in firewall filters

Src-NAT

- Action “src-nat” changes packet's source address and/or port to specified address and/or port
- This action can take place only in chain srcnat
- Typical application: hide specific LAN resources behind specific public IP address

Src-NAT Rule Example

Masquerade

- Action “masquerade” changes packet's source address to router's address and specified port
- This action can take place only in chain srcnat
- Typical application: hide specific LAN resources behind one dynamic public IP address

Masquerade Rule Example

Source NAT Drawbacks

Hosts behind a NAT-enabled router do not have true end-to-end connectivity:
- connection initiation from outside is not possible
- some TCP services will work in “passive” mode
- src-nat behind several IP addresses is unpredictable
- some protocols will require so-called NAT helpers to work correctly (NAT traversal)

NAT Helpers

You can specify ports for existing NAT helpers, but you can not add new helpers

Src-NAT Lab

- You have been assigned one “public” IP address 172.16.0.XY/32
- Assign it to the wireless interface
- Add src-nat rule to “hide” your private network 192.168.XY.0/24 behind the “public” address
- Connect from your laptop using winbox, ssh, or telnet via your router to the main gateway 10.1.1.254
- Check the IP address you are connecting from (use “/user active print” on the main gateway)

Dst-NAT

- Action “dst-nat” changes packet's destination address and port to specified address and port
- This action can take place only in chain dstnat
- Typical application: ensure access to local network services from public network

Dst-NAT Rule Example

Redirect

- Action “redirect” changes packet's destination address to router's address and specified port
- This action can take place only in chain dstnat
- Typical application: transparent proxying of network services (DNS, HTTP)

Redirect Rule Example

DST-Nat Lab

- Capture all TCP and UDP port 53 packets originated from your private network 192.168.XY.0/24 and redirect them to the router itself.
- Set your laptop's DNS server to a random IP address
- Clear your router's and your browser's DNS cache
- Try browsing the Internet
- Take a look at DNS cache of the router

Dst-NAT Lab

- Capture all TCP port 80 (HTTP) packets originated from your private network 192.168.XY.0/24 and change destination address to 10.1.1.254 using dst-nat rule
- Clear your browser's cache on the laptop
- Try browsing the Internet
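
The Src-NAT Lab and the two destination NAT labs above as RouterOS console commands, as an added example that is not part of the original slides. XY is replaced by the constructed value 21, and the interface name `wlan1` is an assumption.

```routeros
# Added example, not from the slides.
# Assumptions: XY = 21 (constructed), wireless interface named wlan1.

# --- Src-NAT Lab ---
/ip address
add address=172.16.0.21/32 interface=wlan1 comment="assigned public address"

/ip firewall nat
# NAT rules see only the first (connection-state new) packet of a
# connection; conntrack rewrites the remaining packets in both directions.
add chain=srcnat src-address=192.168.21.0/24 action=src-nat \
    to-addresses=172.16.0.21 \
    comment="hide private network behind the public address"

# Alternative for a dynamic public address; kept disabled because the
# src-nat rule above already covers this traffic.
add chain=srcnat src-address=192.168.21.0/24 out-interface=wlan1 \
    action=masquerade disabled=yes \
    comment="masquerade variant"

# --- DST-Nat Lab: redirect client DNS to the router itself ---
add chain=dstnat src-address=192.168.21.0/24 protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="redirect DNS (udp)"
add chain=dstnat src-address=192.168.21.0/24 protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="redirect DNS (tcp)"

# The router must answer client queries for the redirect to work.
# dstnat runs before the filter input chain, so chain input has to accept
# port 53 from the private network and keep it closed on the public
# interface, or the router becomes an open resolver.
/ip dns set allow-remote-requests=yes

# --- Dst-NAT Lab: send all client HTTP to the main gateway ---
/ip firewall nat
add chain=dstnat src-address=192.168.21.0/24 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.1.1.254 to-ports=80 \
    comment="HTTP from private network to 10.1.1.254"

# Verification steps named in the labs.
/ip dns cache print
/ip firewall nat print stats
```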

MikroTik RouterOS - QoS

Quality of Service

- Simple limitation using Simple Queues.
- Traffic marking using Firewall Mangle.
- Traffic prioritization using Queue Tree.

Speed Limiting

- Direct control over data rate of inbound traffic is impossible
- The router controls the data rate indirectly by dropping incoming packets
- TCP protocol adapts itself to the effective connection speed
- Simple Queue is the easiest way to limit data rate
Simple Queues
Simple queues make data rate limitation easy. One can limit:
  Client's rx rate (client's download)
  Client's tx rate (client's upload)
  Client's tx + rx rate (client's aggregate)
While being easy to configure, Simple Queues give control over all QoS features.
Simple Limitation
Simple Queue Lab
Create one simple queue to limit your local network's upload/download data rate to 256Kbps/512Kbps.
Check the limitation!
Create another simple queue to limit your laptop's upload/download data rate to 64Kbps/128Kbps.
Check the limitation!
Reorder queues.
Limitation and QoS
QoS is not only limitation!
QoS is an attempt to use the existing resources rationally (leaving available speed unused is in nobody's interest).
QoS balances and prioritizes the traffic flow and prevents monopolizing the (always too narrow) channel. That is why it is called “Quality of Service”.
QoS Basic Principles
QoS is implemented not only by limitations, but also by additional queuing mechanisms like:
  Burst
  Dual limitation
  Queue hierarchy
  Priority
  Queue discipline
Queuing disciplines control the order and speed of packets going out through the interface.
Burst
Burst is one of the means to ensure QoS.
Bursts are used to allow higher data rates for a short period of time.
If the average data rate is less than burst-threshold, burst can be used (the actual data rate can reach burst-limit).
The average data rate is calculated from the last burst-time seconds.
Average Data Rate
Average data rate is calculated as follows:
  burst-time is divided into 16 periods
  the router calculates the average data rate of each class over these small periods
Note that the actual burst period is not equal to the burst-time. It can be several times shorter than the burst-time, depending on the max-limit, burst-limit, burst-threshold, and actual data rate history (see the graph example on the next slide).
Limitation with Burst
Burst Lab
Delete all previously created queues.
Create a queue to limit your wireless IP upload/download to 64Kbps/128Kbps.
Set burst on this queue:
  burst-limit up to 128Kbps/256Kbps
  burst-threshold 32Kbps/64Kbps
  burst-time 20 seconds
Use bandwidth-test to test the limitations.
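Added example (not part of the MikroTik slides and not RouterOS code): a small Python model of the burst rule from the Burst and Average Data Rate slides, run with the download values of the Burst Lab, to show why the actual burst is much shorter than burst-time. It assumes the average is the plain mean of the last 16 period rates starting from an idle history; the function names and the two load profiles are constructed for the illustration.

```python
# Added example: a simplified model of the burst rule, not RouterOS code.
PERIODS = 16  # the slides: burst-time is divided into 16 periods


def simulate(max_limit, burst_limit, burst_threshold, burst_time, demand, seconds):
    """Return one (time_s, average_bps, granted_bps) tuple per averaging period.

    demand(t) is the rate in bit/s the client tries to use at time t.
    Assumption: the average is the plain mean of the last 16 period rates,
    starting from an idle history.
    """
    period = burst_time / PERIODS
    window = [0.0] * PERIODS
    timeline = []
    for i in range(int(seconds / period)):
        t = i * period
        average = sum(window) / PERIODS
        # Burst is allowed only while the average is below burst-threshold.
        ceiling = burst_limit if average < burst_threshold else max_limit
        granted = min(demand(t), ceiling)
        timeline.append((t, average, granted))
        window = window[1:] + [float(granted)]
    return timeline


def burst_runs(timeline, max_limit, burst_time):
    """Return (start_s, length_s) for every run of periods granted more than max-limit."""
    period = burst_time / PERIODS
    runs, start = [], None
    for t, _, granted in timeline:
        if granted > max_limit and start is None:
            start = t
        elif granted <= max_limit and start is not None:
            runs.append((start, t - start))
            start = None
    if start is not None:
        runs.append((start, timeline[-1][0] + period - start))
    return runs


# Download direction of the Burst Lab: 128Kbps limit, 256Kbps burst-limit,
# 64Kbps burst-threshold, burst-time 20 seconds.
LAB = dict(max_limit=128_000, burst_limit=256_000, burst_threshold=64_000, burst_time=20)


def saturate(t):
    """Constructed load: a bandwidth test that always wants more than any limit."""
    return 10_000_000


def saturate_with_pause(t):
    """Constructed load: full load, except for an idle gap from 30 s to 45 s."""
    return 0 if 30 <= t < 45 else 10_000_000


if __name__ == "__main__":
    for name, load in (("constant load", saturate), ("load with pause", saturate_with_pause)):
        timeline = simulate(demand=load, seconds=60, **LAB)
        print(name, burst_runs(timeline, LAB["max_limit"], LAB["burst_time"]))
```

Under constant load the model grants the burst rate for 5 seconds of the 20-second burst-time and never again; a second burst only becomes available after the client has been idle long enough for the average to fall below burst-threshold.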
Interface Traffic Monitor
Open up the interface menu in WinBox to see tx/rx rates per interface.
Open up any interface and select the “Traffic” tab to see the graphs.
Use the “monitor-traffic” command in the terminal to get the traffic data for one or more interfaces, for example:
  /interface monitor-traffic ether1
  /interface monitor-traffic ether1,ether2,ether3
Interface Traffic Monitor
Torch Tool
The Torch tool offers a more detailed report of the actual traffic on an interface.
It's easier to use Torch in WinBox:
  Go to “Tools” > “Torch”
  Select an interface to monitor and click “Start”
  Use “Stop” and “Start” to freeze/continue
  Refine the output by selecting protocol and port
  Double-click on a specific IP address to fill in the Src. or Dst. Address field (0.0.0.0/0 is for any address)
Torch Tools
Dual Limitation
Advanced, better QoS.
Dual limitation has two rate limits:
  CIR (Committed Information Rate) – in the worst-case scenario a flow will get its limit-at no matter what (assuming we can actually send that much data)
  MIR (Maximal Information Rate) – in the best-case scenario a flow can get up to max-limit if there is spare bandwidth
Dual Limitation Lab
Create one queue for limiting your laptop's communication with the first test server:
  limit-at 86Kbps/172Kbps
  max-limit to 172Kbps/384Kbps
  dst-address <first test server>
Create one queue for limiting your laptop's communication with the second test server:
  limit-at 86Kbps/172Kbps
  max-limit to 172Kbps/384Kbps
  dst-address <second test server>
Parent Queue
It is hard for the router to detect the exact speed of the Internet connection.
To optimize usage of your Internet resources and to ensure the desired QoS operation, you should assign the maximal available connection speed manually.
To do so, create one parent queue with a strict speed limitation and assign all your queues to this parent queue.
Parent Queue
Dual Limitation Lab
Create a parent queue:
  max-limit to 256Kbps/512Kbps
Assign both previously created queues to the parent queue:
  Set parent option to “main_queue”
Test the limitations.
First Child Queue
Second Child Queue
Priority
8 is the lowest priority, 1 is the highest.
The numeric distance between priorities is irrelevant (two queues with priorities 1 and 8 will have the same relation as two queues with priorities 1 and 2).
Priority Lab
Adjust priorities in the “Dual Limitation Lab”.
Check the limitations!
Queue Disciplines
Queuing disciplines can be classified into two groups by their influence on the traffic flow – schedulers and shapers
Scheduler queues reorder the packet flow. These disciplines limit the number of waiting packets, not the data rate
Shaper queues control data flow speed. They can also do a scheduling job
Idealized Shapers
Idealized Schedulers
Queue Types
Scheduler queues
  BFIFO
  PFIFO
  RED
  SFQ
Shaper queues
  PCQ
FIFO Algorithm
PFIFO and BFIFO
FIFO queuing disciplines do not change packet order; instead they accumulate packets until a defined limit is reached.
RED Algorithm
Random Early Detect (Random Early Drop)
Does not limit the speed; indirectly equalizes users' data rates when the channel is full.
When the average queue size reaches min-threshold, RED randomly chooses which arriving packet to drop.
If the average queue size reaches max-threshold, all packets are dropped.
Ideal for TCP traffic limitation.
RED Algorithm
If the real queue size is much greater than max-threshold, then all excess packets are dropped.
SFQ Algorithm
Stochastic Fairness Queuing (SFQ) cannot limit traffic at all. Its main idea is to equalize traffic flows when your link is completely full.
The fairness of SFQ is ensured by hashing and round-robin algorithms.
The hashing algorithm is able to divide the session traffic into up to 1024 sub queues; if there are more, some of them will have to skip a round.
The round-robin algorithm dequeues allot bytes from each sub queue in turn.
SFQ Algorithm
After perturb seconds the hashing algorithm changes and divides the session traffic to other subqueues
SFQ Example
SFQ should be used for equalizing similar connections.
Usually used to manage information flow to or from the servers, so they can offer services to every customer.
Ideal for p2p limitation: it is possible to place a strict limitation without dropping connections.
PCQ Algorithm
Per Connection Queue allows you to choose classifiers (one or more of src-address, dst-address, src-port, dst-port).
PCQ does not limit the number of sub flows.
It is possible to limit the maximal data rate that is given to each of the current sub flows.
PCQ consumes a lot of memory!!
PCQ Algorithm
If you classify the packets by src-address then all packets with different source IP addresses will be grouped into different subqueues
PCQ Example
If ‘limit-at’ and ‘max-limit’ are set to ‘0’, then the subqueues can take up all bandwidth available for the parent.
Set the PCQ Rate to ‘0’ if you do not want to limit subqueues, i.e., they can use the bandwidth up to ‘max-limit’, if available.
PCQ in Action
pcq-rate=128000, queue=pcq-down, max-limit=512k
[Figure: rate per ‘user’. 2 ‘users’: 128k each; 4 ‘users’: 128k each; 7 ‘users’: 73k each]
PCQ in Action (cont.)
pcq-rate=0, queue=pcq-down, max-limit=512k
[Figure: rate per ‘user’. 1 ‘user’: 512k; 2 ‘users’: 256k each; 7 ‘users’: 73k each]
Queue Type Lab
Watch the instructor's demonstration of PCQ and follow along.
Queue Tree
–Another way to manage the traffic
Tree Queue
Queue Tree
Queue tree is one-directional only. There must be one queue for download and one for upload.
Queue tree queues work only with packet marks. These marks should be created in the firewall mangle.
Queue tree allows you to build complex queue hierarchies.
Queue Tree and Simple Queues
A tree queue can be placed in 4 different places:
  Global-in (all inbound traffic to the router)
  Global-out (all outbound traffic from the router)
  Global-total (total of inbound and outbound – sometimes unstable)
  Interface queue
If placed in the same place, a Simple Queue will take traffic before the Queue Tree.
Firewall Mangle
–IP packet marking and IP header fields adjustment
What is Mangle?
The mangle facility allows you to mark IP packets with special marks. These marks are used by other router facilities to identify the packets. Additionally, the mangle facility is used to modify some fields in the IP header, like the TOS and TTL fields.
Firewall Mangle
The firewall mangle facility is a tool for packet marking.
Firewall mangle consists of a sequence of IF-THEN rules:
  0) IF <condition(s)> THEN <action>
  1) IF <condition(s)> THEN <action>
  2) IF <condition(s)> THEN <action>
If a packet doesn't meet all the conditions of the rule, it is sent on to the next rule.
If a packet meets all the conditions of the rule, the specified action is performed on it.
Firewall Mangle
Mangle Structure
Mangle rules are organized in chains.
There are five built-in chains:
  Prerouting - making a mark before Global-In queue
  Postrouting - making a mark before Global-Out queue
  Input - making a mark before Input filter
  Output - making a mark before Output filter
  Forward - making a mark before Forward filter
New user-defined chains can be added, as necessary.
Mangle actions
There are 7 more actions in the mangle:
  mark-connection – mark connection (only first packet)
  mark-packet – mark a flow (all packets)
  mark-routing - mark packets for policy routing
  change MSS - change maximum segment size of the packet
  change TOS - change type of service
  change TTL - change time to live
  strip IPv4 options
Marking Connections
Use mark-connection to identify one connection or a group of connections with a specific connection mark.
Connection marks are stored in the connection tracking table.
There can be only one connection mark for one connection.
Connection tracking helps to associate each packet with a specific connection (connection mark).
Mark Connection Rule
Marking Packets
Packets can be marked:
  Indirectly. Using the connection tracking facility, based on previously created connection marks (faster)
  Directly. Without connection tracking - no connection marks are necessary, the router will compare each packet to the given conditions (this process imitates some of the connection tracking features)
Mark Packet Rule
Mangle Lab
Mark all HTTP connections
Mark all packets from HTTP connections
Mark all ICMP packets
Mark all other connections
Mark all packets from other connections
Check the configuration
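Added example (not part of the MikroTik slides and not RouterOS code): a toy Python model of the five Mangle Lab rules as an IF-THEN sequence, showing how a connection mark stored in the connection tracking table lets reply packets receive the same packet mark, which a direct rule on the same condition misses. The mark names, addresses and sample packets are constructed, and the per-rule flag that decides whether processing continues after a match (RouterOS calls it passthrough) is an assumption of the example that the slides do not cover.

```python
# Added example: a toy model of the Mangle Lab rules, not RouterOS code.
from dataclasses import dataclass, replace


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    conn_mark: str = ""
    packet_mark: str = ""


def conn_key(p):
    """Connection tracking key: identical for both directions of a connection."""
    return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


# (condition, action, mark, passthrough). Mark names are hypothetical.
# passthrough=True: keep evaluating the following rules after this one matched.
RULES = [
    (lambda p: p.proto == "tcp" and p.dport == 80 and not p.conn_mark,
     "mark-connection", "http_conn", True),
    (lambda p: p.conn_mark == "http_conn", "mark-packet", "http", False),
    (lambda p: p.proto == "icmp", "mark-packet", "icmp", False),
    (lambda p: not p.conn_mark, "mark-connection", "other_conn", True),
    (lambda p: p.conn_mark == "other_conn", "mark-packet", "other", False),
]


def mangle(packet, conntrack):
    """Run one packet through RULES; conntrack maps connection key -> connection mark."""
    # Connection tracking supplies the mark set by an earlier packet, if any.
    packet.conn_mark = conntrack.get(conn_key(packet), "")
    for condition, action, mark, passthrough in RULES:
        if not condition(packet):
            continue                      # not all conditions met: next rule
        if action == "mark-connection":
            conntrack[conn_key(packet)] = mark
            packet.conn_mark = mark
        else:
            packet.packet_mark = mark
        if not passthrough:
            break
    return packet


def direct_http_mark(packet):
    """Direct marking: the rule 0 condition applied per packet, no connection marks."""
    return "http" if packet.proto == "tcp" and packet.dport == 80 else ""


LAPTOP, SERVER = "192.168.11.2", "10.1.1.254"   # constructed addresses
SAMPLE = [                                       # constructed packets
    Packet("tcp", LAPTOP, SERVER, 40000, 80),    # HTTP request
    Packet("tcp", SERVER, LAPTOP, 80, 40000),    # HTTP reply
    Packet("icmp", LAPTOP, SERVER),              # ping
    Packet("udp", LAPTOP, SERVER, 5353, 53),     # other traffic, request
    Packet("udp", SERVER, LAPTOP, 53, 5353),     # other traffic, reply
]


def run_sample():
    """Return (packet marks in SAMPLE order, resulting connection table)."""
    conntrack = {}
    marks = [mangle(replace(p), conntrack).packet_mark for p in SAMPLE]
    return marks, conntrack


if __name__ == "__main__":
    marks, table = run_sample()
    for p, mark in zip(SAMPLE, marks):
        print(p.proto, p.src, "->", p.dst, "indirect:", mark,
              "direct:", direct_http_mark(p) or "-")
    print(table)
```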
Mangle Lab Result
Queue Tree Lab
Create queue tree:
  Create a main queue
  Create child queue for ICMP
  Create child queue for HTTP
  Create child queue for OTHER
Consume all the available traffic using bandwidth-test and check the ping response times.
Set highest priority to ICMP.
Check the ping response times.
Queue Tree Lab Result
DHCP
–Dynamic Host Configuration Protocol
DHCP
The Dynamic Host Configuration Protocol is needed for easy distribution of IP addresses in a network.
DHCP is basically insecure and should only be used in trusted networks.
DHCP uses UDP ports 67 and 68.
DHCP Server
You can set an individual DHCP server for each Ethernet-like interface.
There can be more than one DHCP server on the interface, but the “relay” option must be different across the servers.
The DHCP server has an “alert” feature to spot other DHCP servers in the broadcast domain.
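Added example (not part of the MikroTik slides and not how the RouterOS “alert” feature is implemented): the same idea as a passive check in Python, which parses DHCP payloads seen on UDP port 67 and reports server replies that do not come from an expected server. The addresses, function names and sample packets are constructed for the illustration.

```python
# Added example: passive check for unexpected DHCP servers (not RouterOS code).
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MESSAGE_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_MESSAGES = {2: "OFFER", 5: "ACK", 6: "NAK"}
BOOTREPLY = 2


def parse_dhcp(payload):
    """Return (op, options) for a DHCP payload, or None if malformed or not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                  # option code without a length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                  # option runs past the end of the packet
        options[code] = value
        i += 2 + length
    return payload[0], options


def unexpected_servers(packets, authorised):
    """Return sorted (server_ip, message) pairs for server replies not in `authorised`.

    packets: iterable of (source_ip, source_udp_port, udp_payload).
    The server is identified by option 54 when present, else by the source address.
    """
    allowed = {ipaddress.ip_address(a) for a in authorised}
    found = set()
    for src_ip, src_port, payload in packets:
        parsed = parse_dhcp(payload)
        if parsed is None or src_port != 67:
            continue
        op, options = parsed
        mtype = options.get(OPT_MESSAGE_TYPE, b"")
        if op != BOOTREPLY or len(mtype) != 1 or mtype[0] not in SERVER_MESSAGES:
            continue
        server_id = options.get(OPT_SERVER_ID, b"")
        server = (ipaddress.ip_address(server_id) if len(server_id) == 4
                  else ipaddress.ip_address(src_ip))
        if server not in allowed:
            found.add((str(server), SERVER_MESSAGES[mtype[0]]))
    return sorted(found)


def build_message(op, message_type, server_ip=None):
    """Build a minimal constructed DHCP payload for the demonstration."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        bytes.fromhex("020000000001"), b"", b"")
    options = bytes([OPT_MESSAGE_TYPE, 1, message_type])
    if server_ip:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.ip_address(server_ip).packed
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


AUTHORISED = ["192.168.11.1"]            # constructed: the router's own DHCP server
SAMPLE = [                               # constructed traffic
    ("0.0.0.0", 68, build_message(1, 1)),                          # client DISCOVER
    ("192.168.11.1", 67, build_message(2, 2, "192.168.11.1")),     # expected OFFER
    ("192.168.11.66", 67, build_message(2, 2, "192.168.11.66")),   # second server OFFER
    ("192.168.11.66", 67, build_message(2, 5, "192.168.11.66")),   # second server ACK
    ("192.168.11.66", 67, build_message(2, 2)[:-3]),               # truncated, ignored
]

if __name__ == "__main__":
    for server, message in unexpected_servers(SAMPLE, AUTHORISED):
        print("unexpected DHCP server", server, "sent", message)
```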
DHCP Server Setup Wizard
The preferred way to configure a DHCP server.
Automatically creates configuration entries in:
  /ip pool
  /ip dhcp-server
  /ip dhcp-server network
The configuration can later be modified to suit local installation needs.
The setup wizard will automatically fill in most of the fields if you assign an IP address to the prospective DHCP server interface.
DHCP Server Setup (Step 1)
DHCP Server Setup Wizard (Step 2,3,4(5))
DHCP Server Setup WizardChoose a DHCP address space – IP networkChoose IP that will act as a gateway in this address space (usually it is DHCP server itself)“relay” option must be specified only if the router does not have an IP address from the chosen address space on the interface selected for the DHCP server

DHCP Server Setup (Step 5,6,7)

DHCP Server Setup Wizard
- Choose an address range that will be given to the clients (usually these are all addresses in the range except the DHCP server and gateway addresses)
- Specify your default DNS server
- Finally, you need to specify the lease time: the time that a client may use an address

DHCP Server Lab
- Create a DHCP server using the wizard on the router for your laptop
- Use the same private address range 192.168.XY.0/24
- Configure your laptop as a DHCP client with automatic DNS server configuration
- Check your setup; you should be able to use the Internet

DHCP Server

IP Pool
- If you prefer to create the DHCP server manually, you must create an IP pool first!
- IP pools are used to define the range of IP addresses that is used for the DHCP server and Point-to-Point servers
- You can monitor address space usage
- The “next pool” parameter allows you to chain multiple IP pools

IP Pool

DHCP Server Networks
- Create a server that uses the previously created IP pool
- To use advanced DHCP options you must create a record in the /ip dhcp-server network menu; there you can select DNS, NTP and WINS server addresses
- In addition, an arbitrary DHCP option (one of 254) can be sent
- The network mask can be overridden as well

DHCP Server Networks

HTTP Proxy
- Regular HTTP Proxy. Transparent Proxy.
- Access List. Cache List. Direct List

HTTP Proxy
- The HTTP proxy is used to speed up access to Internet HTTP services by caching HTTP data on the storage drive or in memory
- The HTTP proxy intercepts the client request, asks for the same data itself and stores the answer in the cache
- The next time a client requests the same data, the HTTP proxy will intercept the request and answer the client from the cache
- The HTTP proxy can be used as an HTTP firewall filter

HTTP Proxy

HTTP Proxy Features
The MikroTik RouterOS implements the following proxy server features:
- Regular and Transparent HTTP proxy
- Access List (HTTP firewall filter)
- Cache List (specifies which requests to cache, and which not)
- Direct List (if the parent-proxy property is specified, it is possible to tell the proxy server whether to try to pass the request to the parent proxy or to resolve it by connecting to the requested server directly)

Transparent HTTP Proxy

Access List Rules

Destination Host and Path
- Special characters
  - “*” - any number of any characters
  - “?” - any character
- www.mi?roti?.com
- www.mikrotik*
- * mikrotik*
- http://www.mikrotik.com/docs/ros/2.9/graphics:packet_flow31.jpg
  - Destination host: www.mikrotik.com
  - Destination path: /docs/ros/2.9/graphics:packet_flow31.jpg

Regular Expression Mode
- Place “:” at the beginning to enable regular expression mode
  - “^” - shows that no symbols are allowed before the given pattern
  - “$” - shows that no symbols are allowed after the given pattern
  - “[....]” - a character class matches a single character out of all the possibilities offered by the character class
  - \ (backslash) followed by any of [\^$.|?*+() suppresses their special meaning
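How the two pattern modes above behave when used in an allow rule, as an added Python example (not RouterOS code and not part of the training material). It assumes that wildcard patterns must cover the whole value, that Python's `re` module is an adequate stand-in for the router's regular expression engine, and that a request matching no rule is allowed; the look-alike host names are constructed.

```python
import re


def compile_rule(pattern):
    """Return (compiled_regex, whole_string) for one access-list pattern."""
    if pattern.startswith(":"):
        # Regular expression mode: matches anywhere unless ^ / $ anchor it.
        return re.compile(pattern[1:], re.IGNORECASE), False
    # Wildcard mode: only * and ? are special, everything else is literal.
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts), re.IGNORECASE), True


def matches(pattern, value):
    regex, whole_string = compile_rule(pattern)
    found = regex.fullmatch(value) if whole_string else regex.search(value)
    return found is not None


def evaluate(rules, host, path="/"):
    """First matching rule decides. rules: (action, host_pattern, path_pattern);
    a pattern of None matches anything."""
    for action, host_pat, path_pat in rules:
        if host_pat is not None and not matches(host_pat, host):
            continue
        if path_pat is not None and not matches(path_pat, path):
            continue
        return action
    return "allow"  # assumption: a request that matches no rule passes


def overmatches(pattern, intended, candidates):
    """Hosts the pattern matches although they were not meant to be covered."""
    return [h for h in candidates if matches(pattern, h) and h not in intended]


# Constructed hosts: the intended site plus names that merely resemble it.
INTENDED = {"www.mikrotik.com"}
CANDIDATES = [
    "www.mikrotik.com",
    "www.mikrotik.com.example.net",    # intended name used as a prefix
    "wwwxmikrotik.com",                # differs where an unescaped "." sits
    "downloads-mikrotik.example.org",  # only contains the word
]
PATTERNS = [
    "www.mikrotik*",            # wildcard pattern from the slide
    "www.mi?roti?.com",         # wildcard pattern from the slide
    ":mikrotik",                # regex mode without anchors
    ":^www.mikrotik.com$",      # anchored, but "." still means any character
    ":^www\\.mikrotik\\.com$",  # anchored and escaped
]

# Two allow-lists that differ only in the host pattern of the allow rule.
LOOSE = [("allow", "www.mikrotik*", None), ("deny", None, None)]
TIGHT = [("allow", ":^www\\.mikrotik\\.com$", None), ("deny", None, None)]


def report():
    return {p: overmatches(p, INTENDED, CANDIDATES) for p in PATTERNS}


if __name__ == "__main__":
    for pattern, extra in report().items():
        print(f"{pattern!r:28} also matches: {extra}")
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, evaluate(rules, "www.mikrotik.com.example.net"))
```

Only the anchored pattern with escaped dots matches the intended host and nothing else, which is the form to prefer when an access-list rule is meant to allow a single site.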

Cache List Rule

HTTP Proxy Monitoring

HTTP Proxy Lab
- Create a transparent HTTP proxy on your router with a small cache in RAM only
- Configure the logging facility to capture HTTP proxy information
- Restrict debtors' (specific IPs) access to web resources: redirect all requests to the “payment notice” page

MikroTik RouterOS - VPN
Virtual Private Networks
- EoIP
- PPTP, L2TP
- PPPoE

VPN Benefits
- Enable communications between corporate private LANs over
  - Public networks
  - Leased lines
  - Wireless links
- Corporate resources (e-mail, servers, printers) can be accessed securely from outside (home, while travelling, etc.) by users who have been granted access rights

EoIP
Ethernet over IP

EOIP (Ethernet Over IP) tunnel
- MikroTik proprietary protocol
- Simple to configure
- Does not have authentication or data encryption capabilities
- Encapsulates Ethernet frames into IP protocol 47/GRE packets, thus EOIP is capable of carrying MAC addresses
- EOIP is the only tunnel with bridge capabilities

Creating EoIP Tunnel

Creating EoIP Tunnel
- Check that you are able to ping the remote address before creating a tunnel to it
- Make sure that your EOIP tunnel has a unique MAC address (it should be from the FE:xx:xx:xx:xx:xx range)
- The tunnel ID on both ends of the EOIP tunnel must be the same; it helps to separate one tunnel from another

/32 IP Addresses
- IP addresses are added to the tunnel interfaces
- Use a /30 network to save address space, for example:
  - 10.1.6.1/30 and 10.1.6.2/30 from network 10.1.6.0/30
- It is possible to use point-to-point addressing, for example:
  - 10.1.6.1/32, network 10.1.7.1
  - 10.1.7.1/32, network 10.1.6.1

EoIP and /30 Routing
[Diagram: three EoIP tunnels across any IP network (LAN, WAN, Internet), each tunnel addressed from its own /30]
- EOIP1: 1.1.1.1/30 to EOIP1: 1.1.1.2/30
- EOIP2: 2.2.2.1/30 to EOIP2: 2.2.2.2/30
- EOIP3: 3.3.3.1/30 to EOIP3: 3.3.3.2/30

EoIP and /32 Routing
[Diagram: three EoIP tunnels across any IP network (LAN, WAN, Internet), using point-to-point /32 addressing]
- EOIP1: 1.1.1.1/32, network 1.1.1.2 to EOIP1: 1.1.1.2/32, network 1.1.1.1
- EOIP2: 1.1.1.1/32, network 2.2.2.2 to EOIP2: 2.2.2.2/32, network 1.1.1.1
- EOIP3: 1.1.1.1/32, network 3.3.3.2 to EOIP3: 3.3.3.2/32, network 1.1.1.1

EoIP and Bridging
- An EoIP interface can be bridged with any other EoIP or Ethernet-like interface.
- The main use of EoIP tunnels is to transparently bridge remote networks.
- The EoIP protocol does not provide data encryption, therefore it should be run over an encrypted tunnel interface, e.g., PPTP or PPPoE, if high security is required.

EOIP and Bridging
[Diagram: two routers connected across any IP network (LAN, WAN, Internet), each with a bridge on its local network]
- Local network 192.168.0.1/24 - 192.168.0.100/24
- Local network 192.168.0.101/24 - 192.168.0.255/24

EoIP Lab
- Restore system backup (slide 78)
- Create an EOIP tunnel with your neighbour(s)
- Route your private networks using /32
- Check the configuration!
- Bridge your private networks via EoIP

Local User Database
PPP Profile, PPP Secret

Point-to-Point Protocol Tunnels
- Slightly more sophisticated to configure
- Capable of authentication and data encryption
- Such tunnels are:
  - PPPoE (Point-to-Point Protocol over Ethernet)
  - PPTP (Point-to-Point Tunnelling Protocol)
  - L2TP (Layer 2 Tunnelling Protocol)
- You should create user information before creating any tunnels

PPP Secret
- PPP secret (aka the local PPP user database) stores PPP user access records
- Note that user passwords are displayed in plain text: anyone who has access to the router is able to see all passwords
- It is possible to assign a specific /32 address to both ends of the PPTP tunnel for this user
- Settings in the /ppp secret user database override the corresponding /ppp profile settings

PPP Secret

PPP Profile and IP Pools
- PPP profiles define default values for user access records stored under the /ppp secret submenu
- PPP profiles are used for more than one user, so there must be more than one IP address to give out; we should use an IP pool as the “Remote address” value
- The value “default” means that if the option comes from a RADIUS server, it won't be overridden

PPP Profile

Change TCP MSS
- Big 1500-byte packets have problems going through the tunnels because:
  - Standard Ethernet MTU is 1500 bytes
  - PPTP and L2TP tunnel MTU is 1460 bytes
  - PPPoE tunnel MTU is 1488 bytes
- By enabling the “change TCP MSS” option, a dynamic mangle rule will be created for each active user to ensure the right size of TCP packets, so they will be able to go through the tunnel

PPTP and L2TP
Point-to-Point Tunnelling Protocol and Layer 2 Tunnelling Protocol

PPTP Tunnels
- PPTP uses TCP port 1723 and IP protocol 47/GRE
- There is a PPTP server and PPTP clients
- PPTP clients are available for and/or included in almost all operating systems
- You must use PPTP and GRE “NAT helpers” to connect to any public PPTP server from your private masqueraded network

L2TP Tunnels
- PPTP and L2TP have mostly the same functionality
- L2TP traffic uses UDP port 1701 only for link establishment; further traffic uses any available UDP port
- L2TP doesn't have problems with NATed clients; it doesn't require “NAT helpers”
- Configuration of both tunnels is identical in RouterOS

Creating PPTP/L2TP Client

PPTP Client Lab
- Restore system backup (slide 78)
- Create PPTP client
  - Server Address: 10.1.1.254
  - User: admin
  - Password: admin
  - Add default route = yes
- Make necessary adjustments to access the internet

Creating PPTP/L2TP Server

PPTP Server Lab
- Create a PPTP server
- Create one user in PPP Secret
- Configure your laptop to connect to your PPTP server
- Make necessary adjustments to access the internet via the tunnel
- Create a PPP Profile for the router to use encryption
- Configure the PPTP client on the laptop accordingly

User Access Control
- Controlling the Hardware
  - Static IP and ARP entries
  - DHCP for assigning IP addresses and managing ARP entries
- Controlling the Users
  - PPPoE requires PPPoE client configuration
  - HotSpot redirects client request to the sign-up page
  - PPTP requires PPTP client configuration

PPPoE
Point-to-Point Protocol over Ethernet

PPPoE tunnels
- PPPoE works at OSI layer 2 (data link)
- PPPoE is used to hand out IP addresses to clients based on user authentication
- PPPoE requires a dedicated access concentrator (server), which PPPoE clients connect to
- Most operating systems have PPPoE client software. Windows XP has a PPPoE client installed by default

PPPoE Client

PPPoE Client Lab
- Restore system backup (slide 78)
- Create PPPoE client
  - Interface: wlan1
  - User: admin
  - Password: admin
  - Add default route = yes
- Make necessary adjustments to access the internet

Creating PPPoE Server (Service)

PPPoE Server Lab
- Create a PPPoE server
- Create one user in PPP Secret
- Configure your laptop to connect to your PPPoE server
- Make necessary adjustments to access the internet via the tunnel
- Create a PPP Profile for the router to use encryption
- Configure the PPPoE client on the laptop accordingly

HotSpot
Plug-and-Play Access

HotSpot
- HotSpot is used for authentication in the local network
- Authentication is based on the HTTP/HTTPS protocol, meaning it can work with any Internet browser
- HotSpot is a system that combines various independent features of RouterOS to provide so-called ‘Plug-and-Play’ access

How does it work?
- User tries to open a web page
- Router checks if the user is already authenticated in the HotSpot system
- If not, the user is redirected to the HotSpot login page
- User specifies the login information

How does it work?
- If the login information is correct, then the router
  - authenticates the client in the HotSpot system;
  - opens the requested web page;
  - opens a status pop-up window
- The user can access the network through the HotSpot gateway

HotSpot Features
- User authentication
- User accounting by time, data transmitted/received
- Data limitation
  - by data rate
  - by amount
- Usage restrictions by time
- RADIUS support
- Walled garden

HotSpot Setup Wizard (Step 1)

HotSpot Setup Wizard
- Start the HotSpot setup wizard and select the interface to run the HotSpot on
- Set the address on the HotSpot interface
- Choose whether to masquerade the HotSpot network or not
- Select the address pool for the HotSpot
- Select the HotSpot SSL certificate if HTTPS is required

HotSpot Setup Wizard (Step 2-5)

HotSpot Setup Wizard
- Select an SMTP server to automatically redirect outgoing mail to the local SMTP server, so the clients need not change their outgoing mail settings
- Specify DNS servers to be used by the router and HotSpot users
- Set the DNS name of the local HotSpot server
- Finally, the wizard allows you to create one HotSpot user
![Page 310: MikroTik RouterOS Training Basic Class - · PDF file© MikroTik 2007 5 About MikroTik Mission Statement MikroTik is a router software and hardware manufacturer that offers user friendly,](https://reader034.vdocuments.us/reader034/viewer/2022050814/5aad40477f8b9a8d678ddfc0/html5/thumbnails/310.jpg)
© MikroTik 2007 310
HotSpot Setup Wizard (Step 5-8)
HotSpot Setup Wizard Lab
- Create simple Hotspot server for your private network using HotSpot Setup Wizard
- Login and check the setup!
- Logout
- Type any random IP, netmask, gateway, DNS values on your Laptop network configuration
- Login and check the setup!
HotSpot Server Setup Wizard
- The preferred way to configure HotSpot server
- Automatically creates configuration entries in
  - /ip hotspot
  - /ip hotspot profile
  - /ip hotspot users
  - /ip pool
  - /ip dhcp-server
  - /ip dhcp-server networks
  - /ip firewall nat (dynamic rules)
  - /ip firewall filter (dynamic rules)
HotSpot Servers
HotSpot Server Profiles
- HotSpot server profiles are used for common server settings. Think of profiles as server groups
- You can choose 6 different authentication methods in profile settings
HotSpot Server Profiles
HotSpot Authentication Methods
- HTTP PAP - simplest method, which shows the HotSpot login page and expects to get the user credentials in plain text (maximum compatibility mode)
- HTTP CHAP - standard method, which includes CHAP computing for the string which will be sent to the HotSpot gateway.
- HTTPS - plain text authentication using SSL protocol to protect the session
HotSpot Authentication Methods
- HTTP cookie - after each successful login, a cookie is sent to the web browser and the same cookie is added to active HTTP cookie list. This method may only be used together with HTTP PAP, HTTP CHAP or HTTPS methods
- MAC address - authenticates clients as soon as they appear in the hosts list, using client's MAC address as user name
- Trial - does not require authentication for a certain amount of time
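Added example (not part of the MikroTik course material): what the login form carries under HTTP PAP versus HTTP CHAP, and how a gateway checks a CHAP response. The digest order follows RFC 1994 (MD5 over id, secret, challenge); the `Gateway` class, the byte encoding of the fields and the sample account are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_form(username, password):
    """HTTP PAP: the login form carries the password itself."""
    return {"username": username, "password": password}


def chap_response(chap_id, password, challenge):
    """CHAP digest in RFC 1994 order: MD5(id || secret || challenge)."""
    return hashlib.md5(chap_id + password.encode() + challenge).hexdigest()


def chap_form(username, password, chap_id, challenge):
    """HTTP CHAP: the form carries only the digest, never the password."""
    return {"username": username,
            "password": chap_response(chap_id, password, challenge)}


class Gateway:
    """Hypothetical stand-in for the HotSpot gateway side of the exchange."""

    def __init__(self, users):
        self.users = users   # constructed sample accounts: name -> password
        self.pending = {}    # chap_id -> challenge, each usable once
        self.counter = 0

    def new_challenge(self):
        """Issue a fresh random challenge, as sent with each login page."""
        chap_id = bytes([self.counter % 256])
        self.counter += 1
        self.pending[chap_id] = os.urandom(16)
        return chap_id, self.pending[chap_id]

    def verify(self, form, chap_id):
        """Recompute the digest from the stored password and compare."""
        challenge = self.pending.pop(chap_id, None)  # consumed on first use
        password = self.users.get(form["username"])  # must be recoverable
        if challenge is None or password is None:
            return False
        expected = chap_response(chap_id, password, challenge)
        return hmac.compare_digest(expected, form["password"])
```

Because the challenge is random and single-use, a digest recorded from one login does not verify against a later challenge. Neither HTTP method protects the rest of the session; only the HTTPS method does, which is why the setup wizard asks for an SSL certificate.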
HotSpot Users
HotSpot Users
- Bind username, password and profile for a particular client
- Limit a user by uptime, bytes-in and bytes-out
- Assign an IP address for the client
- Permit user connections only from particular MAC address
HotSpot User Profiles
HotSpot User Profiles
- Store settings common to groups of users
- Allow choosing firewall filter chains for checking incoming and outgoing traffic
- Allow setting a packet mark on the traffic of every user of this profile
- Allow rate limiting the users of the profile
HotSpot IP Bindings
HotSpot IP Bindings
- Set up static NAT translations based on either
  - the original IP address (or IP network),
  - the original MAC address.
- Allow some addresses to bypass HotSpot authentication. Useful for providing IP telephony or server services.
- Completely block some addresses.
HotSpot HTTP-level Walled Garden
HotSpot HTTP-level Walled Garden
- Walled garden allows some resources to bypass HotSpot authentication
- HTTP-level Walled Garden manages HTTP and HTTPS protocols
- HTTP-level Walled Garden works like Web-proxy filtering: you can use the same HTTP methods and the same regular expressions to make a URL string
HotSpot IP-Level Walled Garden
IP-level Walled Garden works on the IP level, use it like IP firewall filter
HotSpot IP-Level Walled Garden
Hotspot Lab
- Allow access to www.mikrotik.com without the Hotspot authentication
- Allow access to your router's IP without the Hotspot authentication
- Create another user with 10MB download limitation. Check this user!
- Allow your laptop to bypass the Hotspot.
Login Page Customization
- There are HTML template pages on the router FTP for each active HotSpot profile
- Those HTML pages contain variables which will be replaced with the actual information by the HotSpot before sending to the client
- It is possible to modify those pages, but you must directly download HTML pages from the FTP to modify them correctly
Customized Page Example